I don't think we need anything apart from Jonathan's text. I'd argue that for process applied to data collected in a third party capacity, notification is a must; for first party data, a should; and for any breach where you must notify some users, you must notify all users. On Wed 25 Jan 2012 06:43:06 PM CET, David Singer wrote: > > On Jan 25, 2012, at 16:12 , Jonathan Mayer wrote: > >> Proposed text: >> >> A party MAY take action contrary to the requirements of this standard if compelled by mandatory legal process. To the extent allowed by law, the party MUST (SHOULD? MAY? non-normative?) notify affected users. > > which means we need a 'legal exception'? > > > > David Singer > Multimedia and Software Standards, Apple Inc. > >Received on Wednesday, 25 January 2012 18:12:12 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 January 2012 18:12:13 GMT